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WHAT IS CLAIMED IS: 



1. A method for implementing an intrusion detection system in a network, comprising: 

receiving a request at a software ag^nt program to initiate intrusion detection services 
on a remote computer; 

installing intrusion detection software on said remote computer via said software 
agent program; and 

executing said intrusion detection /software on said remote computer via said software 
agent program. 



2. The method of claim 1 further comprising: 
receiving a request to terminate intrusion detection services at said software agent 

program. 

3. The method of claim 2 further comprising: 
monitoring for fulfillment of a stop condition. 

4. The method of claim 3 whereinf said stop condition is based on network traffic 
conditions. 

5. The method of claim 3 wherein said stop condition is an expiration time. 



6. The method of claim 1 further comprising the step of: 
receiving notification of a netfwork intrusion. 



7, 



The method of claim 6 further comprising the step of: 

selecting said remote computer from a plurality of eligible computers. 
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1 8, The method of claim 7 wherein paid selecting step is accomplished based on a 

2 network map. 

1 9. The method of claim 7 whereiij said selecting step is accomplished based on a 

2 knowledge base. 

1 10, The method of claim 1 wherein said request is verified using a cryptographic 

2 authentication scheme. 



1 11. The method of claim 1 whenein said request includes a stop condition indicating when 

2 to stop executing the intrusion detection software. 



1 12. The method of claim 1 1 wnerein said stop condition is an expiration time. 

1 13. The method of claim 1 1 wperein said stop condition is based on network traffic 

2 conditions. 

1 14. The method of claim 7 wfierein said request is verified using a cryptographic 

2 authentication scheme. 

1 15. A method for implementing an intrusion detection system on a computer connected to 

2 a network, comprising: 

3 receiving a request to become an intrusion detection platform from a remote network 

4 location; and 

5 executing said intrusion detection software. 
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1 16. The method of claim 15 further comprising: 

2 installing intrusion detection software on said computer. 



1 17. The method of claim 15 Wherein said request includes a stop condition indicating 

2 when to stop executing the intrusion detection software. 



1 18. The method of claim 17 wherein said stop condition is an expiration time. 

1 19. The method of claim 17|wherein said stop condition is based on network traffic 

2 conditions. 
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20. The method of claim if further comprising the step of: 



when said stop conditi 
software. 

21. The method of claim 
authentication scheme. 



22. The method of claim 
when said intrusion d 
intrusion detection software 
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23. A system for detectin 

a plurality of computers 
an intrusion detection 
a database, 

wherein said intrusion 



>n is fulfilled, ceasing execution of said intrusion detection 



0 wherein said request is verified using a cryptographic 



further comprising the step of: 
tection software has ceased executing, un-installing said 



intrusions in a computer network comprising: 

executing software agents; 
server; and 



detection server sends a request to execute intrusion detection 
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6 software to a software agent at at least one of said plurality of computers when intrusion 

7 detection services are needed based on information contained in said database. 

1 24. The system of claim 23 wherein said intrusion detection server increases the number 

2 of said plurality of computers executing intrusion detection software when a network 

3 intrusion is detected. 

1 25. The system of claim 23 wherei^ said intrusion detection server changes the number 

2 of said plurality of computers executing intrusion detection software when the level of 

3 network traffic changes. 

1 26. The system of claim 23 wherein said intrusion detection server changes the number of 

2 said plurality of computers executing intrusion detection software depending on the time of 

3 day. 

1 27. The system of claim 23 wherein said database contains information about the plurality 

2 of computers. 

1 28. The system of claim 27 wherein said information includes a map of said computer 

2 network. 

1 29* The system of claim 23 ^herein said database contains a knowledgebase. 



1 30. An article of manufacture comprising a computer-readable medium having stored 

2 thereon instructions adapted to be executed by a processor, the instructions which, when 

3 executed, define a series of stepjs to be used to perform network intrusion detection, said steps 

4 comprising: 
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5 receiving a request at a software ager t program to initiate intrusion detection services 

6 on a remote computer; 

7 installing intrusion detection software on said remote computer via said software 

8 agent program; and J 

9 executing said intrusion detection software on said remote computer. 

1 31. The article of manufacture of claim 30 further comprising the step of: 

2 receiving notification of a network (intrusion. 



1 32. The article of manufacture of claim 3 1 further comprising the step of: 

2 selecting said remote computer from a plurality of eligible computers. 

1 33. The article of manufacture of cla/m 32 wherein said selecting step is accomplished 

2 based on a network map. 

1 34. The article of manufacture of cjfaim 32 wherein said selecting step is accomplished 

2 based on a knowledge base. 
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35. The article of manufacture of ilaim 30 wherein said request is verified using a 
cryptographic authentication scheme. 



36. The article of manufacture 
indicating when to stop executing the 



of claim 30 wherein said request includes a stop condition 
intrusion detection software. 



1 37. The article of manufacture of claim 36 wherein said stop condition is an expiration 

2 time. 



13 




Patent 
AWS 459 

/ 2685/113639 

1 38. The article of n/anufacture of claim 36 wherein said stop condition is based on 
1 network traffic conditions. 
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